Security Bulletin: IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274.
Summary: IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-31900 DESCRIPTION: Black is the uncompromising Python code formatter...
CVE-2026-32274
CVE-2026-32274 affects the Black Python formatter prior to 26.3.1. The cache filename is derived from various formatting options, and the value of the --python-cell-magics option was included without sanitization, allowing an attacker who controls that value to write cache files to arbitrary file...
apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +14 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)
black PyPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.3 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...
aac (>=0.4.0 <=0.5.21), aac-gen-gherkin (>=0.1.0 <=0.1.4) +1566 more potentially affected by CVE-2026-32274 via black (>=18.3.0a0 <=26.3.0)
black PyPI version =18.3.0a0, =0.4.0, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.0, =0.0.2.4, =0.5.14, =0.0.2, =0.5.2, =0.1.0, =0.0.1, =0.1.2 and more Source cves: CVE-2026-32274 Source advisory: OSV:GHSA-3936-CMFR-PM3M...
GHSA-3936-CMFR-PM3M Black: Arbitrary file writes from unsanitized user input in cache file name
Impact Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file...
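The two entries above (CVE-2026-32274 and GHSA-3936-CMFR-PM3M) describe the same flaw: an option value is concatenated into a cache file name, so a value containing path separators or ".." turns the file name into a path. The following is an added illustration written for this page, not Black's own code: a toy cache-key builder in the vulnerable shape, the hashed form that removes the problem, and the containment check a cache writer should make. The cache directory, option names and the attacker-controlled value are constructed for the example.

```python
import hashlib
import posixpath

# Constructed cache directory for the example; not Black's real location.
CACHE_DIR = "/home/alice/.cache/black/26.1.0"


def cache_key(target_version, line_length, cell_magics):
    """Build a cache key from formatting options, the way a key derived from
    CLI options might be built. The values are concatenated verbatim, so
    anything the user controls (here: cell_magics) flows straight into the key."""
    return ".".join([target_version, str(line_length), ",".join(sorted(cell_magics))])


def unsafe_cache_path(cache_dir, key):
    """Vulnerable pattern: the raw key becomes part of the file name.
    A key containing '/' or '..' makes the 'file name' a relative path."""
    return posixpath.join(cache_dir, f"cache.{key}.pickle")


def safe_cache_path(cache_dir, key):
    """Hardened pattern: hash the key, so the file name is a fixed-alphabet hex
    digest whatever the option values were. Distinct option sets still get
    distinct files; traversal characters never reach the file system."""
    digest = hashlib.sha256(key.encode("utf-8")).hexdigest()
    return posixpath.join(cache_dir, f"cache.{digest}.pickle")


def normalized(path):
    """Collapse '.' and '..' components without touching the file system."""
    return posixpath.normpath(path)


def escapes(cache_dir, path):
    """True if the normalized path lies outside cache_dir: the check a cache
    writer should make (or make unnecessary, as safe_cache_path does)."""
    base = normalized(cache_dir)
    target = normalized(path)
    return posixpath.commonpath([base, target]) != base


if __name__ == "__main__":
    # Constructed attacker-supplied value for an option like --python-cell-magics.
    evil_magic = "/../../../../../../tmp/pwned"
    key = cache_key("py312", 88, [evil_magic])
    print("unsafe path resolves to:", normalized(unsafe_cache_path(CACHE_DIR, key)))
    print("escapes cache dir:", escapes(CACHE_DIR, unsafe_cache_path(CACHE_DIR, key)))
    print("hashed path:", safe_cache_path(CACHE_DIR, key))
```

Hashing is preferable to a character allow-list here because the key has no reason to be human-readable, and an allow-list has to be maintained every time a new option joins the key. The containment check is still worth keeping as defence in depth wherever the directory itself comes from configuration.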
Black's vulnerable version parsing leads to RCE in GitHub Action
Impact Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository's pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...
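The mechanism above is that a requirement string read from an untrusted file ("black @ git+https://...") is handed to pip, which then fetches and builds whatever the URL points at. An added example, written for this page and not taken from Black's action: a stdlib-only validator that accepts a black requirement only when it is an index name plus a plain PEP 440 specifier, and refuses direct URL references, local-version labels and anything else that is not a version. It assumes the caller has already read the dependency strings out of pyproject.toml; the dependency lists in the usage are constructed.

```python
import re

# Version specifier operators, longest first so "===" and "==" are told apart.
_OPERATORS = ("===", "==", "!=", "<=", ">=", "~=", "<", ">")
# A conservative PEP 440 shape: release segment, optional pre/post/dev parts,
# or a trailing ".*" wildcard. Anything else (URLs, shell metacharacters,
# "+local" labels) is refused rather than interpreted.
_VERSION_RE = re.compile(r"^v?\d+(\.\d+)*((a|b|rc)\d+)?(\.post\d+)?(\.dev\d+)?(\.\*)?$")
# name, optional [extras], and the rest of the line (the specifier).
_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


class UnsafeRequirement(ValueError):
    """A requirement that would install from somewhere other than the index."""


def parse_requirement(req):
    """Split a PEP 508 requirement into (normalized name, specifier, url).
    url is None unless the requirement is a direct reference ("name @ url")."""
    body, _, _marker = req.partition(";")  # environment markers are irrelevant here
    body = body.strip()
    name_part, at, url = body.partition("@")
    m = _NAME_RE.match(name_part.strip() if at else body)
    if not m:
        raise UnsafeRequirement(f"unparseable requirement: {req!r}")
    name, _extras, spec = m.groups()
    normalized = re.sub(r"[-_.]+", "-", name).lower()
    return normalized, spec.strip(), (url.strip() if at else None)


def validate_specifier(spec):
    """Turn a specifier into [(operator, version)] clauses, accepting only a
    known operator followed by a plain PEP 440 version."""
    clauses = []
    for clause in (spec.split(",") if spec else []):
        clause = clause.strip()
        op = next((o for o in _OPERATORS if clause.startswith(o)), None)
        if op is None:
            raise UnsafeRequirement(f"unknown operator in clause {clause!r}")
        version = clause[len(op):].strip()
        if not _VERSION_RE.match(version):
            raise UnsafeRequirement(f"{version!r} is not a plain PEP 440 version")
        clauses.append((op, version))
    return clauses


def black_pin(dependencies):
    """Find 'black' among requirement strings and return its validated clauses.
    Returns None if black is absent and [] if it is listed without a version.
    Raises UnsafeRequirement for a direct URL reference or a malformed version."""
    for dep in dependencies:
        name, spec, url = parse_requirement(dep)
        if name != "black":
            continue
        if url is not None:
            raise UnsafeRequirement(f"direct URL reference rejected: {dep!r}")
        return validate_specifier(spec)
    return None


def black_pin_is_safe(dependencies):
    """Go/no-go wrapper for callers that only need a boolean."""
    try:
        black_pin(dependencies)
        return True
    except UnsafeRequirement:
        return False


if __name__ == "__main__":
    # Constructed dependency lists, as an action might read them from pyproject.toml.
    print(black_pin(["requests>=2.31", "black[jupyter]==24.10.0; python_version >= '3.9'"]))
    print(black_pin_is_safe(["black @ git+https://example.invalid/attacker/black.git"]))
```

In a real workflow the packaging library's Requirement class does the parsing more completely (its url attribute is the thing to reject); the point of the hand-rolled version is that a version string coming from a pull request is input, and should be checked against an allow-list shape before it reaches pip.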
EUVD-2016-10375
Malware in sbrugna...
abedy-gitlab-client (>=0.0.2.4 <=0.3.0), abilian-devtools (>=0.5.14 <=0.7.3) +1315 more potentially affected by CVE-2024-21503 via black (>=18.3.0a0 <=24.2.0)
black PyPI version =18.3.0a0, =0.0.2.4, =0.5.14, =0.1.0, =0.0.1, =0.1.5, =0.1.0, =0.4.0, =1.0.0, =0.1.2, =0.1.2, =0.1.0, =0.1.2, =1.0.2 - aibs-informatics-test-resources =0.0.4 and more Source cves: CVE-2024-21503 Source advisory: OSV:GHSA-FJ7X-Q9J7-G6Q6...
DEBIAN-CVE-2024-21503
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
PYSEC-2024-48
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
UBUNTU-CVE-2024-21503
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
PT-2024-2442 · Black +1
Name of the Vulnerable Software and Affected Versions: black versions prior to 24.3.0. Description: The issue is related to a Regular Expression Denial of Service (ReDoS) vulnerability via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this by craftin...
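The CVE-2024-21503 entries above (DEBIAN-CVE-2024-21503, PYSEC-2024-48, UBUNTU-CVE-2024-21503, PT-2024-2442) all describe one ReDoS in a function that expands the leading tabs of each line. An added example, written for this page: a tab-expanding function driven by a regex of the vulnerable shape, the same function rewritten without a regex, and a timer that shows the difference on a worst-case line. The regex is my reconstruction of the pattern shape (adjacent whitespace quantifiers followed by a required non-space), not a quotation of Black's source, and the long whitespace-only line is a constructed input.

```python
import re
import time

# A pattern of the vulnerable shape: three adjacent whitespace quantifiers
# (\s*, \t+, \s*) followed by a required non-space. On a line that is
# whitespace only, the final \S never matches, and the backtracking engine
# retries every way of splitting the run between the three quantifiers before
# giving up, so matching time grows roughly with the cube of the line length.
# Assumed illustrative pattern, not Black's exact regex.
_LEADING_TABS = re.compile(r"\s*\t+\s*(\S)")


def expand_leading_tabs_regex(s):
    """Expand only the leading tabs of each line, regex-driven (vulnerable)."""
    lines = []
    for line in s.splitlines():
        m = _LEADING_TABS.match(line)
        if m:
            first_non_ws = m.start(1)
            lines.append(line[:first_non_ws].expandtabs() + line[first_non_ws:])
        else:
            lines.append(line)
    return lines


def expand_leading_tabs_linear(s):
    """Same result with no regex: one lstrip() per line, linear in its length.
    expandtabs() on a prefix without tabs is a no-op, so spaces-only indents
    are left exactly as the regex version leaves them."""
    lines = []
    for line in s.splitlines():
        stripped = line.lstrip()
        if not stripped or stripped == line:
            lines.append(line)  # whitespace-only or unindented: untouched
        else:
            prefix = line[: len(line) - len(stripped)]
            lines.append(prefix.expandtabs() + stripped)
    return lines


def seconds_for(fn, line_length):
    """Time fn on one constructed worst-case line: line_length tabs and no
    non-space character, so the regex can only fail after full backtracking."""
    text = "\t" * line_length
    start = time.perf_counter()
    fn(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    for n in (100, 200, 300):
        print(f"n={n:4d}  regex={seconds_for(expand_leading_tabs_regex, n):.3f}s"
              f"  linear={seconds_for(expand_leading_tabs_linear, n):.6f}s")
```

Doubling n roughly multiplies the regex time by eight while the linear version stays flat; a formatter that accepts untrusted source (a pre-commit hook on a public repository, a formatting bot) turns that into a cheap denial of service. The general rule the fix illustrates: when a regex's quantifiers can all match the same character class, either rewrite it so they cannot, or replace it with a hand-written scan.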
abilian-devtools (>=0.5.15 <=0.7.3), aiden-ai (=0.2.0) +279 more potentially affected by CVE-2024-21503 via black (>=24.10.0 <=24.2.0)
black PyPI version =24.10.0, =0.5.15, =1.1.0, =1.1.20, =0.0.6, =0.2.0, =0.1.0, =0.1.2, =0.1.9, =0.1.0, =0.3.7.dev0, =0.9.5 - aus-council-scrapers =0.1.0 - autorunner-1-0-0 =1.0.0 and more Source cves: CVE-2024-21503 Source advisory: SNYK:PYTHON-BLACK-6256273...